Skip to content

Harden base stack deployment#703

Open
Leoyyg wants to merge 1 commit into
illbnm:masterfrom
Leoyyg:codex/base-stack-hardening
Open

Harden base stack deployment#703
Leoyyg wants to merge 1 commit into
illbnm:masterfrom
Leoyyg:codex/base-stack-hardening

Conversation

@Leoyyg

@Leoyyg Leoyyg commented Jun 27, 2026

Copy link
Copy Markdown

Summary

This PR hardens and fixes the base infrastructure stack for issue #1.

Changes:

  • adds docker-socket-proxy and points Traefik's Docker provider to tcp://docker-socket-proxy:2375
  • removes Traefik's direct /var/run/docker.sock mount
  • mounts the generated Traefik dashboard htpasswd file into /dynamic/.htpasswd
  • creates proxy, acme.json, and .htpasswd during install when missing
  • fixes install.sh to launch the existing stacks/base/docker-compose.yml instead of a missing root compose file
  • aligns Watchtower with the issue requirement to run at 03:00
  • refreshes the base stack README with deployment, auth, socket-proxy, TLS, and verification notes

Bounty / issue

Targets #1.

This is intended as a quality/compliance pass over the current base stack implementation, especially the socket-proxy requirement and install path.

Testing

  • Reviewed the generated diff locally.
  • Could not run docker compose config in this environment because Docker is not installed here.

@Leoyyg

Leoyyg commented Jun 27, 2026

Copy link
Copy Markdown
Author

Bounty claim for #1.

PR submitted: #703

This PR focuses on the remaining compliance/quality gaps in the base stack:

  • adds docker-socket-proxy for Traefik Docker discovery
  • removes Traefik's direct Docker socket mount
  • fixes the install script to use the actual base compose file
  • creates required runtime files/network during install
  • aligns Watchtower with the 03:00 schedule requirement
  • refreshes README verification/deployment docs

For payout, I can accept Alipay or WeChat Pay. I can provide the QR code privately if needed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant